CLSA-2026-1777544441

Import Source
https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777544441.json
JSON Data
https://api.test.osv.dev/v1/vulns/CLSA-2026-1777544441
Upstream
Published
2026-05-02T01:09:10Z
Modified
2026-05-27T11:18:24.803664381Z
Summary
vim: Fix of 13 CVEs
Details
  • CVE-2021-3796: fix use-after-free in nv_replace by getting the line pointer again after ins_copychar may have released it
  • CVE-2021-3973: fix heap buffer overflow in find_file_in_path_option by rejecting len == 0 inputs
  • CVE-2022-0413: fix use-after-free in do_sub when the substitute string is a "\=" expression by copying the string before eval
  • CVE-2022-0943: fix heap overflow in spell_suggest when "z=" in Visual mode by clamping badlen to the remaining line length
  • CVE-2022-1620: fix NULL pointer access by guarding both vim_regexec calls in fname_match and the second fname_match call in buflist_match against rmp->regprog becoming NULL after the AUTOMATIC_ENGINE fallback fails to recompile the pattern
  • CVE-2022-1796: fix use-after-free in find_pattern_in_path by making a copy of the identifier pointer before the call
  • CVE-2022-2207: fix read-before-start-of-line in ins_bs by requiring w_cursor.col > 0 in the whitespace back-step loop
  • CVE-2022-3235: fix use-after-free in cmdline input-method handling by tracking the owning buffer and checking buf_valid
  • CVE-2022-3296: fix buffer underflow in ex_finally by searching for a valid CSF_TRY frame before accessing cs_flags
  • CVE-2023-46246: fix integer overflow in :history by clamping long values to INT_MAX before casting to int
  • CVE-2023-48231: fix use-after-free in win_close by returning early when the window is no longer valid after BufLeave
  • CVE-2023-48706: fix use-after-free in ex_substitute by always allocating sub and freeing it on every exit path
  • CVE-2026-33412: fix command injection via newline in glob() by adding '\n' to the SHELL_SPECIAL escape set
References

Affected packages

TuxCare:CentOS:7 / vim-X11

Package

Name
vim-X11
Purl
pkg:rpm/tuxcare/vim-X11?distro=centos-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2:7.4.629-8.0.1.el7_9.tuxcare.els11

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777544441.json"

TuxCare:CentOS:7 / vim-common

Package

Name
vim-common
Purl
pkg:rpm/tuxcare/vim-common?distro=centos-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2:7.4.629-8.0.1.el7_9.tuxcare.els11

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777544441.json"

TuxCare:CentOS:7 / vim-enhanced

Package

Name
vim-enhanced
Purl
pkg:rpm/tuxcare/vim-enhanced?distro=centos-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2:7.4.629-8.0.1.el7_9.tuxcare.els11

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777544441.json"

TuxCare:CentOS:7 / vim-filesystem

Package

Name
vim-filesystem
Purl
pkg:rpm/tuxcare/vim-filesystem?distro=centos-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2:7.4.629-8.0.1.el7_9.tuxcare.els11

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777544441.json"

TuxCare:CentOS:7 / vim-minimal

Package

Name
vim-minimal
Purl
pkg:rpm/tuxcare/vim-minimal?distro=centos-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2:7.4.629-8.0.1.el7_9.tuxcare.els11

Database specific

source
"https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/centos7els/CLSA-2026-1777544441.json"